reducing pkg PRs

I am guessing at least half of our pkg PRs are for problems that could
be detected by setting PKG_DEVELOPER=yes and also using pkglint.
It would be good to have a short list to follow before committing a
change or update or new package to pkgsrc. Here is a start:
Use PKG_DEVELOPER=yes. This does sanity checks including:
- compares installed files against PLIST
- checks binaries will find their libraries
- make sure installed scripts can find their #! interpreter
- makes sure installed files don't reference pkgsrc work directory.
- check for sensible permissions for installed files and directories
- checks the C and C++ header files for possible problems
- check for shell script portability (like test == and $RANDOM)
- checks that the package doesn't install files to $HOME
Be sure to not disable CHECK_FILES, CHECK_INTERPRETER, CHECK_SHLIBS, and
CHECK_WRKREF (do not set to "no").
So my questions/comment:
The pkgsrc guide says PKG_DEVELOPER does:
- make sure patches apply with zero fuzz
but that is always done by default regardless of PKG_DEVELOPER as far as
I see (as long as patch -v works).
Also note that MASTER_SORT_RANDOM and PKGSRC_SHOW_PATCH_ERRORMSG will
default to "no" when PKG_DEVELOPER is "yes"? Does anything in pkgsrc
even use PKGSRC_SHOW_PATCH_ERRORMSG -- I don't see it.
What about CHECK_FILES_STRICT ?
Should CHECK_WRKREF default have more features?
Should vulnerability database be updated?
Anything to also add to the list of suggestions for improving packages
before commit to cvs?